
Re: Adding libsqlcipher0 to stretch-backports



Okay, I created a patch that fixed the issue, you can find it attached.

What is the usual procedure for reviewing the patch and merging it? I am
sorry for being a newbie ;)

Kind regards,
Philipp

Fyi, I already mentioned this problem/patch to Hans-Christoph Steiner
<hans@eds.org>, who was responsible for merging the problematic OpenSSL
1.1.x patch.


Am 01-Dec-17 um 12:49 schrieb Gianfranco Costamagna:
>
>
>> Open the software, click "Save As", enter any filename, click save -
>> Segmentation Fault.
>> but instead to stable.
>
> exactly, backports isn't the place to fix bugs in stable
>
>> As far as I can see, only Skrooge depends on libsqlcipher0 - and it is currently broken.
>> Sadly, I have no experience on how to get this stone rolling. Should I
>> file a bug against Skrooge in Stable? Or would it make more sense for
>> someone else to do this?
> the best chance to get it working, is to isolate the fix, do a minimal
> libsqlcipher upload with ABI stability, starting from the old version.
> This way skrooge will start to work, and no new release will be needed
>
> G.


--- crypto_openssl.c	2017-12-01 13:19:04.000000000 +0100
+++ crypto_openssl.c.new	2017-12-01 13:19:24.251947325 +0100
@@ -109,6 +109,8 @@
        is called by SQLCipher internally. This should prevent SQLCipher from 
        "cleaning up" openssl when it was initialized externally by the program */
       EVP_cleanup();
+    } else {
+      openssl_external_init = 0;
     }
 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
     sqlite3_mutex_free(openssl_rand_mutex);
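Review bot: The new `else` branch resets `openssl_external_init` without any comment, and the existing comment above it only explains the `EVP_cleanup()` path. A reader cannot tell from the hunk why the flag has to be cleared here; presumably it is so that a later activation detects OpenSSL's state afresh instead of reusing a stale marker. I would add something like `/* OpenSSL was set up by the host program: skip EVP_cleanup(), but clear the flag so the next activation re-checks */` inside the branch, adjusted to whatever the activation code actually does. The enclosing function starts and ends outside the hunk, so the locking around this write is not visible here and should be confirmed.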
@@ -145,8 +147,8 @@
 static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
   unsigned int outlen;
 #if OPENSSL_VERSION_NUMBER >= 0x10100001L
-  HMAC_CTX *hctx;
-  hctx = HMAC_CTX_new();
+  HMAC_CTX* hctx = HMAC_CTX_new();
+  if(hctx == NULL) return SQLITE_ERROR;
   HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL);
   HMAC_Update(hctx, in, in_sz);
   HMAC_Update(hctx, in2, in2_sz);
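Review bot: The results of `HMAC_Init_ex` and both `HMAC_Update` calls are still ignored after the new allocation check, so a failure inside OpenSSL would go unnoticed and the function would presumably still report success with an unusable value in `out`. These calls return 1 on success, so each can be guarded, e.g. `if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)) { HMAC_CTX_free(hctx); return SQLITE_ERROR; }`. The same gap exists for the `EVP_CipherInit_ex`, `EVP_CipherUpdate` and `EVP_CipherFinal_ex` calls in the cipher hunk that follows. The rest of this function, including the branch for older OpenSSL versions, is outside the hunk and likely needs the same treatment.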
@@ -173,15 +175,15 @@
   int tmp_csz, csz;
  
 #if OPENSSL_VERSION_NUMBER >= 0x10100001L
-  EVP_CIPHER_CTX *ectx;
-  ectx = EVP_CIPHER_CTX_new();
-  EVP_CipherInit(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode);
+  EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new();
+  if(ectx == NULL) return SQLITE_ERROR;
+  EVP_CipherInit_ex(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, NULL, mode);
   EVP_CIPHER_CTX_set_padding(ectx, 0); // no padding
-  EVP_CipherInit(ectx, NULL, key, iv, mode);
+  EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode);
   EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz);
   csz = tmp_csz;  
   out += tmp_csz;
-  EVP_CipherFinal(ectx, out, &tmp_csz);
+  EVP_CipherFinal_ex(ectx, out, &tmp_csz);
   csz += tmp_csz;
   EVP_CIPHER_CTX_free(ectx);
 
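Review bot: `((openssl_ctx *)ctx)->evp_cipher` is passed to `EVP_CipherInit_ex` without a NULL check. With the set_cipher change in this same patch, a failed cipher lookup can leave that field unset, depending on how the context is initialized elsewhere. Because the init result is not checked, the following `EVP_CipherUpdate` would then run on a context with no cipher, and `out += tmp_csz` would use a `tmp_csz` that may never have been written. A guard before the allocation, `if(((openssl_ctx *)ctx)->evp_cipher == NULL) return SQLITE_ERROR;`, plus initializing `int tmp_csz = 0, csz = 0;`, would make this path fail cleanly. The function begins and ends outside the hunk.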
@@ -204,8 +206,11 @@
 
 static int sqlcipher_openssl_set_cipher(void *ctx, const char *cipher_name) {
   openssl_ctx *o_ctx = (openssl_ctx *)ctx;
-  o_ctx->evp_cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name);
-  return SQLITE_OK;
+  EVP_CIPHER* cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name);
+  if(cipher != NULL) {
+    o_ctx->evp_cipher = cipher;
+  }
+  return cipher != NULL ? SQLITE_OK : SQLITE_ERROR;
 }
 
 static const char* sqlcipher_openssl_get_cipher(void *ctx) {
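Review bot: When `EVP_get_cipherbyname` fails, `sqlcipher_openssl_set_cipher` now keeps whatever cipher was in `o_ctx->evp_cipher` before, and nothing near the function states that. A short header comment would make the contract explicit, e.g. `/* returns SQLITE_ERROR and leaves the current cipher unchanged if cipher_name is unknown to OpenSSL */`. Since this function previously always returned `SQLITE_OK`, callers outside the hunk should be checked to make sure they propagate the error. Otherwise they may continue with a cipher other than the one requested.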

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

